An OASIS Work Product Repository
Members of the OASIS Open Command and Control (OpenC2) Technical Committee use this GitHub repository as part of the TC's chartered work. Contributors must be Members of the TC. Work is governed by the OASIS policies and is not done under typical open source licensing. For more details, see the Contributions and Licensing sections below.
This specification defines an actuator profile (AP) to automate collection of security posture attributes from virtual and physical computing resources using OpenC2.
OpenC2 work product repositories are organized a bit differently than typical open source software project repositories:
- The Published (default) branch represents the current, stable, approved version of the work product. If the product hasn't progressed past an OASIS Committee Specification Draft (CSD), this branch is essentially empty.
- The Working branch is where all work-in-progress content is captured, and is the place to go for the current working version of this work product.
More information about the TC's repository organizing conventions and branching strategy can be found in our Documentation Norms.
This specification defines an actuator profile (AP) to automate collection of security posture attributes from virtual and physical computing resources using OpenC2. Security Posture Attribute Collection (PAC) supports security automation by providing mechanisms to collect and aggregate the configuration and status of network components for use in situational awareness, security posture evaluation, and response actions. This actuator profile defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of PAC. It covers identification of computing resources, definition of security-relevant resource attributes, and controlling the collection of those attributes using direct pull or event-based push mechanisms.
As stated in this repository's CONTRIBUTING file, contributors to this repository are expected to be Members of the OASIS OpenC2 TC, for any substantive change requests. Anyone wishing to contribute to this GitHub project and participate in the TC's technical activity is invited to join as an OASIS TC Member. Public feedback is also accepted, subject to the terms of the OASIS Feedback License.
Please see the LICENSE file for description of the license terms and OASIS policies applicable to the TC's work in this GitHub project. Content in this repository is intended to be part of the OpenC2 TC's permanent record of activity, visible and freely available for all to use, subject to applicable OASIS policies, as presented in the repository LICENSE file.
This repository is designed to support TC members' work on a formal specification that describes OpenC2 Actuator Profile for Posture Attribute Collection. This GitHub repository supports development of the content and change tracking for the PAC AP as new working draft level revisions are created and the associated CSDs mature.
The editors of this work product are:
- David Kemp (@davaya), National Security Agency
- David Lemire (@dlemire60), National Security Agency
In addition to the editors, the following individual also have maintainer privileges for this repository:
- Duncan Sparrell (@sparrell), OpenC2 TC Co-Chair, sFractal Consulting
- Michael Rosa (@mjrosa), OpenC2 TC Co-Chair, National Security Agency
Members of the OASIS Open Command and Control (OpenC2) TC create and manage technical content in this TC GitHub repository ( https://github.com/oasis-tcs/openc2-jadn ) as part of the TC's chartered work (i.e., the program of work and deliverables described in its charter).
OASIS TC GitHub repositories, as described in GitHub Repositories for OASIS TC Members' Chartered Work, are governed by the OASIS TC Process, IPR Policy, and other policies, similar to TC Wikis, TC JIRA issues tracking instances, TC SVN/Subversion repositories, etc. While they make use of public GitHub repositories, these TC GitHub repositories are distinct from OASIS Open Repositories, which are used for development of open source licensed content.
Please send questions or comments about OASIS TC GitHub repositories to the OASIS TC Administrator. For questions about content in this repository, please contact the TC Chair or Co-Chairs as listed on the the TC's home page.